webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 19:00:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,341 Commits 2 Branches 1 Tag
d1654fd0001ae67dbd7ff52ef19cd3cf30de128f
Commit Graph

3319 Commits

Author SHA1 Message Date
Arne Fitzenreiter
280a17c239 Merge remote-tracking branch 'origin/master' into kernel-4.14 2017-12-14 19:54:48 +01:00
Michael Tremer
f451d465fb Drop nagiosql 
This is no longer maintained any more and therefore being dropped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-14 17:48:24 +00:00
Michael Tremer
ba03193ba7 fireinfo: Update to 2.1.12 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-14 17:44:20 +00:00
Michael Tremer
396ff12342 pakfire: Properly check if we have our key with our fingerprint 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-12 19:40:01 +00:00
Michael Tremer
73b2988ae4 pakfire: Drop importing CACert's PGP key 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-12 19:28:16 +00:00
Arne Fitzenreiter
2723ef8721 Merge remote-tracking branch 'origin/next' into kernel-4.14 2017-12-12 07:53:33 +01:00
Matthias Fischer
db9f57143f pakfire - 'functions.pl': fixed typo 
Just read this typo in a forum posting. Couldn't resist...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-05 17:03:36 +00:00
Arne Fitzenreiter
796c5e73cb Merge remote-tracking branch 'origin/next' into kernel-4.14 2017-12-01 00:58:27 +01:00
Michael Tremer
b269686f88 misc-progs: syslogdctrl: Fix data type of protocol variable 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-30 14:36:28 +00:00
Arne Fitzenreiter
5b117ef49a Merge remote-tracking branch 'origin/next' into kernel-4.14 2017-11-29 17:37:51 +01:00
Peter Müller
cbd1f0e719 allow remote syslog via TCP in syslogdctrl.c 
Make syslogctrl.c use TCP as remote logging file if specified so.

Thanks to Michael for reviewing this.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:45:52 +00:00
Michael Tremer
56720befc7 Drop vsftpd which isn't actively maintained any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:30:08 +00:00
Michael Tremer
d38edcf8b4 pound: Drop package which isn't very actively maintained any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:29:55 +00:00
Michael Tremer
11e900e0b4 apache: Wait until apache has stopped when we want to stop it 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 14:14:16 +00:00
Michael Tremer
d409286074 apache: Ensure that not everyone can read the keys 
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 14:11:49 +00:00
Arne Fitzenreiter
0476a6570d samba: import security updates from redhead 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-27 18:20:59 +01:00
Michael Tremer
6c4cc7ea1b Move toolchain from /tools to /tools_${arch} 
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-23 15:57:28 +00:00
Arne Fitzenreiter
2e1fe3c816 kernel: update to 4.14.1 
only x86_config has updated yet and grsecurity is removed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-22 12:29:36 +01:00
Peter Müller
bb6481a820 validate GPG keys by fingerprint 
Validate GPG keys by fingerprint and not by 8-bit key-ID.

This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-13 22:41:21 +00:00
Michael Tremer
9bb4055367 captive portal: Require authorization before redirecting to proxy 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-11 12:48:54 +00:00
Michael Tremer
682a6b2dc8 unbound: Silence error when upstream name servers cannot be read 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-07 16:02:28 +01:00
Arne Fitzenreiter
d23a284f02 Revert "kernel: revert an upstream patch that break 8TB Blockdevices on 32bit" 
This reverts commit c64e080f3a.
 2017-11-02 19:20:41 +01:00
Arne Fitzenreiter
c64e080f3a kernel: revert an upstream patch that break 8TB Blockdevices on 32bit 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-01 13:38:18 +01:00
Arne Fitzenreiter
d12ad00385 Merge remote-tracking branch 'origin/master' into kernel-4.9 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-10-22 21:57:30 +02:00
Arne Fitzenreiter
9064ba72fe drop httpscert and merge to apache initskript 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-10-22 15:50:38 +02:00
Michael Tremer
c061d66fca cdrom: Change format to XZ and compress in parallel 
This allows us to use all processor cores to compress
the image faster.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-17 14:58:52 +01:00
Michael Tremer
d7d5774529 KRACK attack: Patch wpa_supplicant & hostapd 
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-16 15:49:35 +01:00
Michael Tremer
fb76fc5144 installer: Fix detection if we have the correct ISO image mounted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:50:31 +01:00
Michael Tremer
f754146b1e installer: Allow download of ISO images over HTTPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:32:21 +01:00
Peter Müller
5760f93a74 generate ECDSA key on existing installations 
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be ran on existing installations without breaking already
generated (RSA) keys.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:34 +01:00
Matthias Fischer
e3fc1d0a2b apache: Update to 2.4.28 
http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:46:00 +01:00
Michael Tremer
6772cc8035 Download ISO images from https://downloads.ipfire.org 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 13:03:40 +01:00
Michael Tremer
5e6fcc8844 Pull latest translations for installer & setup from Transifex 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 12:15:26 +01:00
Michael Tremer
cb40ff6027 captive portal: Reload firewall rules after cleanup 
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:09:58 +02:00
Michael Tremer
9c83954567 captivectrl: Remove unused code 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:06:45 +02:00
Michael Tremer
b1773d1a37 captive portal: Don't remove unlimited access after one hour 
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:04:29 +02:00
Michael Tremer
027614d2dc Merge branch 'captive-portal' into next 2017-10-04 16:10:07 +01:00
Arne Fitzenreiter
3aa4579f8f Merge remote-tracking branch 'origin/next' 2017-09-23 10:38:18 +02:00
Michael Tremer
5511fa319a captive: Fix another typo in captivectrl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
abc41f02dd captive: Do not generally allow access to TCP/1013 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
fb1d26d1bc captivectrl: Add protection against DNS tunnels 
Limit the amount of DNS traffic for each client that
has not registered, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
76ece32362 captivectrl: Skip all lines that start with # 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
07d56062a9 Captive-Portal: fix cleanup script 
The cleanup-script did not write back the hash after the expired voucher
was delted

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
e01c5ab71a Captive-Portal: redesign Webinterface 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
bbaa3613b4 Captive-Portal: add captive chains to firewall initscript 
When loading the initscript of the firewall the neccessary chains for
the captive portalneed to be created.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
4d9002279f Captive-Portal: add crontab and cleanup scripts 
The cleanup script is called every hour and deletes expired clients from
the clients file.
every night the captivectrl warpper runs once to flush the chains and
reload rules for active clients

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
cec16b8242 captivectrl: Move sure that the settings are always initialised 
This just removes a compiler warning.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
5906c96206 wirelessctrl: Disable MAC filter on blue if captive portal is enabled 
Fixes #11038

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
0d6a599aba captivectrl: Add missing space character 
The iptables argument list was botched. Oops. Sorry.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
0c24f0a9df captivectrl: Support unlimited leases 
When the expiry time equals zero, the lease will have
no time constraints. The IP address will also be removed
as it might probably change.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00